EP3999984A4 - Systèmes et procédés de détection et d'atténuation de logiciels rançonneurs - Google Patents

Systèmes et procédés de détection et d'atténuation de logiciels rançonneurs Download PDF

Info

Publication number
EP3999984A4
EP3999984A4 EP20842671.8A EP20842671A EP3999984A4 EP 3999984 A4 EP3999984 A4 EP 3999984A4 EP 20842671 A EP20842671 A EP 20842671A EP 3999984 A4 EP3999984 A4 EP 3999984A4
Authority
EP
European Patent Office
Prior art keywords
mitigation
systems
methods
ransomware detection
ransomware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20842671.8A
Other languages
German (de)
English (en)
Other versions
EP3999984A1 (fr
Inventor
Dennis Underwood
Kyle NEHMAN
Noah GREENBURG
Mark WEIDEMAN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cyber Crucible Inc
Original Assignee
Cyber Crucible Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cyber Crucible Inc filed Critical Cyber Crucible Inc
Publication of EP3999984A1 publication Critical patent/EP3999984A1/fr
Publication of EP3999984A4 publication Critical patent/EP3999984A4/fr
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9027Trees
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2246Trees, e.g. B+trees
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Debugging And Monitoring (AREA)
EP20842671.8A 2019-07-23 2020-07-21 Systèmes et procédés de détection et d'atténuation de logiciels rançonneurs Pending EP3999984A4 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201962877748P 2019-07-23 2019-07-23
PCT/US2020/042924 WO2021016270A1 (fr) 2019-07-23 2020-07-21 Systèmes et procédés de détection et d'atténuation de logiciels rançonneurs

Publications (2)

Publication Number Publication Date
EP3999984A1 EP3999984A1 (fr) 2022-05-25
EP3999984A4 true EP3999984A4 (fr) 2023-08-02

Family

ID=74191389

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20842671.8A Pending EP3999984A4 (fr) 2019-07-23 2020-07-21 Systèmes et procédés de détection et d'atténuation de logiciels rançonneurs

Country Status (6)

Country Link
US (1) US11720678B2 (fr)
EP (1) EP3999984A4 (fr)
JP (1) JP7393517B2 (fr)
AU (1) AU2020315905A1 (fr)
CA (1) CA3148437C (fr)
WO (1) WO2021016270A1 (fr)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11010233B1 (en) 2018-01-18 2021-05-18 Pure Storage, Inc Hardware-based system monitoring
US11711310B2 (en) 2019-09-18 2023-07-25 Tweenznet Ltd. System and method for determining a network performance property in at least one network
US11645162B2 (en) 2019-11-22 2023-05-09 Pure Storage, Inc. Recovery point determination for data restoration in a storage system
US11687418B2 (en) 2019-11-22 2023-06-27 Pure Storage, Inc. Automatic generation of recovery plans specific to individual storage elements
US11720714B2 (en) 2019-11-22 2023-08-08 Pure Storage, Inc. Inter-I/O relationship based detection of a security threat to a storage system
US12079502B2 (en) 2019-11-22 2024-09-03 Pure Storage, Inc. Storage element attribute-based determination of a data protection policy for use within a storage system
US11755751B2 (en) 2019-11-22 2023-09-12 Pure Storage, Inc. Modify access restrictions in response to a possible attack against data stored by a storage system
US11625481B2 (en) 2019-11-22 2023-04-11 Pure Storage, Inc. Selective throttling of operations potentially related to a security threat to a storage system
US11341236B2 (en) 2019-11-22 2022-05-24 Pure Storage, Inc. Traffic-based detection of a security threat to a storage system
US11615185B2 (en) 2019-11-22 2023-03-28 Pure Storage, Inc. Multi-layer security threat detection for a storage system
US11675898B2 (en) 2019-11-22 2023-06-13 Pure Storage, Inc. Recovery dataset management for security threat monitoring
US12067118B2 (en) 2019-11-22 2024-08-20 Pure Storage, Inc. Detection of writing to a non-header portion of a file as an indicator of a possible ransomware attack against a storage system
US12079356B2 (en) 2019-11-22 2024-09-03 Pure Storage, Inc. Measurement interval anomaly detection-based generation of snapshots
US12050683B2 (en) * 2019-11-22 2024-07-30 Pure Storage, Inc. Selective control of a data synchronization setting of a storage system based on a possible ransomware attack against the storage system
US11941116B2 (en) 2019-11-22 2024-03-26 Pure Storage, Inc. Ransomware-based data protection parameter modification
US12079333B2 (en) 2019-11-22 2024-09-03 Pure Storage, Inc. Independent security threat detection and remediation by storage systems in a synchronous replication arrangement
US11651075B2 (en) 2019-11-22 2023-05-16 Pure Storage, Inc. Extensible attack monitoring by a storage system
US11720692B2 (en) 2019-11-22 2023-08-08 Pure Storage, Inc. Hardware token based management of recovery datasets for a storage system
US11657155B2 (en) 2019-11-22 2023-05-23 Pure Storage, Inc Snapshot delta metric based determination of a possible ransomware attack against data maintained by a storage system
US11500788B2 (en) 2019-11-22 2022-11-15 Pure Storage, Inc. Logical address based authorization of operations with respect to a storage system
US12050689B2 (en) 2019-11-22 2024-07-30 Pure Storage, Inc. Host anomaly-based generation of snapshots
US11520907B1 (en) 2019-11-22 2022-12-06 Pure Storage, Inc. Storage system snapshot retention based on encrypted data
US11716338B2 (en) * 2019-11-26 2023-08-01 Tweenznet Ltd. System and method for determining a file-access pattern and detecting ransomware attacks in at least one computer network
US20220179964A1 (en) * 2020-12-07 2022-06-09 International Business Machines Corporation Machine learning based vulnerable target identification in ransomware attack
US11588849B2 (en) 2021-01-27 2023-02-21 Bank Of America Corporation System for providing enhanced cryptography based response mechanism for malicious attacks
US11336685B1 (en) * 2021-12-22 2022-05-17 Nasuni Corporation Cloud-native global file system with rapid ransomware recovery
US12111930B2 (en) * 2022-08-08 2024-10-08 Saudi Arabian Oil Company Utilizing machine learning to detect ransomware in code
JP7566230B1 (ja) 2022-12-06 2024-10-11 三菱電機株式会社 配置場所選定装置、配置場所選定方法、及び配置場所選定プログラム
CN117725630B (zh) * 2024-02-08 2024-07-09 深信服科技股份有限公司 安全防护方法、设备、存储介质和计算机程序产品

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190109870A1 (en) * 2017-09-14 2019-04-11 Commvault Systems, Inc. Ransomware detection and intelligent restore

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7840696B2 (en) 2003-07-25 2010-11-23 Broadcom Corporation Apparatus and method for classifier identification
US7447698B2 (en) * 2005-12-13 2008-11-04 International Business Machines Corporation Method for balancing binary search trees
US8775402B2 (en) * 2006-08-15 2014-07-08 Georgia State University Research Foundation, Inc. Trusted query network systems and methods
US8769685B1 (en) * 2010-02-03 2014-07-01 Symantec Corporation Systems and methods for using file paths to identify potentially malicious computer files
US8112521B2 (en) 2010-02-25 2012-02-07 General Electric Company Method and system for security maintenance in a network
US9245114B2 (en) 2010-08-26 2016-01-26 Verisign, Inc. Method and system for automatic detection and analysis of malware
WO2013130867A1 (fr) * 2012-02-29 2013-09-06 Sourcefire, Inc. Procédé et appareil de détection rétroactive de logiciel malveillant ou autrement indésirable
EP3213207A4 (fr) * 2014-10-31 2018-04-25 Cyber Crucible Inc. Système et procédé destinés à la détection d'intrusion de réseau de canaux cachés en fonction du trafic de réseau hors ligne
CN105491001B (zh) * 2015-05-14 2017-02-22 瑞数信息技术(上海)有限公司 一种安全通讯方法和装置
US20170366563A1 (en) * 2016-06-21 2017-12-21 Guardicore Ltd. Agentless ransomware detection and recovery
US10262138B2 (en) 2016-09-15 2019-04-16 Paypal, Inc. Techniques for ransomware detection and mitigation
US10609066B1 (en) * 2016-11-23 2020-03-31 EMC IP Holding Company LLC Automated detection and remediation of ransomware attacks involving a storage device of a computer network
US10169586B2 (en) * 2016-12-31 2019-01-01 Fortinet, Inc. Ransomware detection and damage mitigation
US10607009B2 (en) 2017-04-05 2020-03-31 Block Ransomware, Llc System and method for blocking ransomware infections
US10528733B2 (en) * 2017-08-31 2020-01-07 International Business Machines Corporation Integrity, theft protection and cyber deception using a deception-based filesystem
US20190108340A1 (en) 2017-09-14 2019-04-11 Commvault Systems, Inc. Ransomware detection
US20190158512A1 (en) * 2017-11-20 2019-05-23 Fortinet, Inc. Lightweight anti-ransomware system
US10810304B2 (en) * 2018-04-16 2020-10-20 International Business Machines Corporation Injecting trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code
US11093625B2 (en) * 2019-05-09 2021-08-17 Vmware, Inc. Adaptive file access authorization using process access patterns
US11681804B2 (en) * 2020-03-09 2023-06-20 Commvault Systems, Inc. System and method for automatic generation of malware detection traps

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190109870A1 (en) * 2017-09-14 2019-04-11 Commvault Systems, Inc. Ransomware detection and intelligent restore

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "Tree traversal - Wikipedia", 11 January 2019 (2019-01-11), XP055681680, Retrieved from the Internet <URL:https://en.wikipedia.org/w/index.php?title=Tree_traversal&oldid=877906291> [retrieved on 20200401] *
GÓMEZ-HERNÁNDEZ J A ET AL: "R-Locker: Thwarting ransomware action through a honeyfile-based approach", COMPUTERS & SECURITY, ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM, NL, vol. 73, 5 December 2017 (2017-12-05), pages 389 - 398, XP085342831, ISSN: 0167-4048, DOI: 10.1016/J.COSE.2017.11.019 *
ROUTA MOUSSAILEB ET AL: "Ransomware's Early Mitigation Mechanisms", AVAILABILITY, RELIABILITY AND SECURITY, ACM, 2 PENN PLAZA, SUITE 701NEW YORKNY10121-0701USA, 27 August 2018 (2018-08-27), pages 1 - 10, XP058414518, ISBN: 978-1-4503-6448-5, DOI: 10.1145/3230833.3234691 *
See also references of WO2021016270A1 *

Also Published As

Publication number Publication date
CA3148437C (fr) 2023-10-24
CA3148437A1 (fr) 2021-01-28
KR20220038106A (ko) 2022-03-25
AU2020315905A1 (en) 2022-03-03
EP3999984A1 (fr) 2022-05-25
US11720678B2 (en) 2023-08-08
WO2021016270A1 (fr) 2021-01-28
JP2022542061A (ja) 2022-09-29
US20210026961A1 (en) 2021-01-28
JP7393517B2 (ja) 2023-12-06

Similar Documents

Publication Publication Date Title
EP3999984A4 (fr) Systèmes et procédés de détection et d&#39;atténuation de logiciels rançonneurs
EP3803655A4 (fr) Système et procédé d&#39;atténuation de menace
EP3921773A4 (fr) Systèmes et procédé de détection de voie
EP3794368A4 (fr) Systèmes et procédés de détection d&#39;objets
EP3931079A4 (fr) Systèmes et procédés d&#39;évaluation opérationnelle en vol
EP3692338A4 (fr) Systèmes et procédés de détermination de trajet
EP3586324A4 (fr) Procédés et systèmes de détection d&#39;incendie
EP3797314A4 (fr) Systèmes et procédés d&#39;amélioration de détection de cibles
EP3884411A4 (fr) Systèmes et procédés de détection de logiciels malveillants et de logiciels rançonneurs basés sur la cryptomonnaie
EP4081107A4 (fr) Systèmes et procédés de détection de chute
EP3781878A4 (fr) Systèmes et procédés d&#39;ajustement de seuils d&#39;atténuation
EP3884701A4 (fr) Systèmes et procédés de détection de brouillage inter-liaisons
EP4066463A4 (fr) Système et procédé d&#39;atténuation de menace
EP3920126A4 (fr) Système et procédé de détection d&#39;acte nuisible
EP4062369A4 (fr) Systèmes et procédés de détection et de reconnaissance d&#39;objet
EP3915243A4 (fr) Procédés et systèmes pour la détection de région de tableau d&#39;affichage
EP3853641A4 (fr) Systèmes et procédés pour inspection de sécurité
EP3756160A4 (fr) Système et procédé de détection rapide d&#39;objets
EP3756006A4 (fr) Systèmes et procédés de détection d&#39;allergènes
EP3984010A4 (fr) Systèmes et procédés de surveillance d&#39;objet
EP3717871A4 (fr) Systèmes et procédés de détermination de trajet
EP4028964A4 (fr) Système et procédé d&#39;atténuation de menace
EP4063830A4 (fr) Analyseur et système de détection
EP3983902A4 (fr) Systèmes et procédés de traitement d&#39;alarme
EP3884267A4 (fr) Systèmes et procédés de détection destinés à des dispositifs médicaux

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20220216

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20230704

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 16/901 20190101ALI20230628BHEP

Ipc: G06F 21/55 20130101ALI20230628BHEP

Ipc: G06F 21/60 20130101ALI20230628BHEP

Ipc: G06F 21/56 20130101AFI20230628BHEP